[1] EPIC Discusses Newly Released Patriot Act DocumentsEPIC held a press conference on December 13 to discuss documents aboutthe Patriot Act recently obtained through a Freedom of Information
Actlawsuit against the Department of Justice. The event was hosted by theFund for Constitutional Government.

The documents show FBI officials expressing frustration that the Officeof Intelligence Policy and Review--a Department of Justice check on FBIauthority--had not approved applications for Section 215 orders, theso-called "library records" provision. However, a 2004 memo refers to"recent
changes" allowing the FBI to "bypass" the office.

Other records obtained by EPIC in October though this lawsuit revealedinvestigations conducted for months without proper reporting
oroversight, an FBI agent's seizure of financial records in violation offederal privacy law, and an unidentified intelligence agency's
unlawfulphysical search (see EPIC Alert 12.22).

Last month, the federal judge presiding over the case stated that theFBI's responses to EPIC's request so far "have been unnecessarily
slowand inefficient." The FBI is under court order to process 1,500 pagesevery fifteen calendar days (see EPIC Alert 12.23). Processing
isexpected to be complete within a few months.

Congress is currently considering whether to renew key provisions of thePatriot Act, including Section 215. EPIC urged Congress to
extend thedeadline for renewal until more information is made public about how theFBI has used its expanded investigative powers.

Documents About the PATRIOT Act Obtained by EPIC Under the Freedom ofInformation Act:

[2] EPIC FOIA Documents Reveal DHS Knew of High-Tech Passport FlawsAccording to documents obtained by EPIC under the Freedom of InformationAct, the Department of Homeland Security has found significant
problemswith new hi-tech passports. Tests conducted last year revealed that"contactless" passports embedded with radio frequency
identification(RFID) technology create difficulties for border inspectors. EPICpreviously has highlighted flaws in the E-Passport
and, in light ofthese FOIA documents, submitted comments urging the abandonment of theuse of RFID technology in E-Passports.

In April 2005, EPIC, the Electronic Frontier Foundation, and othergroups wrote comments urging the State Department to abandon itsE-Passport
proposal, because it would have made personal data containedin high-tech passports vulnerable to unauthorized access. The StateDepartment
reevaluated the E-Passport plan after receiving a storm ofcriticism, but the proposal is going forward. By October 2006, almostall
U.S. passports will include an RFID-enabled chip containing about aunique identification number for the passport holder.

Proponents claimed that E-Passports would improve the inspection processat the borders, but the EPIC FOIA documents suggest otherwise.
Among thelisted problems: "Insufficient power to read all variations of chips onmany readers," "Most units required knowledge of
where chip was in orderto perform accurate read, required substantial manipulation of thepassport," "Footprint of the units interferes
with inspectoroperations," and "Some readers required the inspector to hold thepassport firmly against the unit in order to perform
the read. Thismeans the inspector is not able to perform other parts of theinspection."

Although Homeland Security states that "[i]nspectors must keep theireyes on the traveler at all times," the E-Passports take the inspectors'attention away from travelers. The tests found that "[i]nstructions onthe reader distract the inspector, e.g. electronic displays,"
and"[r]eaders require too much attention and time on the part of theinspector," according to the EPIC FOIA documents.

[3] Groups Comment on Parent Locator DatabaseEPIC was joined by the Privacy Rights Clearinghouse and World PrivacyForum in recommending accountability and accuracy improvements
forgovernment access to "parent locator services." These services, whichwere first implemented to locate "deadbeat dads," have expanded
toinclude an incredible array of personal information. In some states, allparents are tracked by such databases, not just individuals
who havefailed to meet support obligations. Comments by the groups weresubmitted to the Office of Child Support Enforcement within
the largerDepartment of Health and Human Services.

EPIC and the groups argued that since parent locator databases containso much sensitive information, heightened accountability and
accuracyrules are needed to check abuse. Two recent incidents support heightenedscrutiny of such databases. First, an HHS employee
recently pled guiltyin a case where she used databases to shield her prostitution businessfrom police. The employee had access to
LexisNexis databases through herjob as a bill collector for the Center for Medicaid Services, and usedthe information to ensure that
her clients were not police officers.

Second, errors in child support enforcement databases sometimes subjectinnocent people to the stigma of being labeled a "deadbeat
dad." In onesuch case, a San Mateo, CA man has been repeatedly pursued by countychild support enforcement agencies, despite the fact
that the agenciesknow he is not the father of the unsupported child. Child enforcementauthorities have attempted to place levies
on his paycheck at leastthree times.

To help prevent insider employee misuse of the databases, the groupssuggested that an immutable audit log be established to document
whoaccesses personal information and why. Such auditing systems can determisuse of databases, and aid in the investigation of wrongdoing.

The groups also suggested that the agency establish more specificaccuracy provisions, particularly in regard to the use of "commercialdata
brokers." Commercial data brokers are companies that collect andsell personal information to the government, private investigators,
andbusinesses. In recent studies, several commercial data brokers'databases have been shown to have serious errors. Accordingly, thegroups argued that the agency should not simply rely upon the accuracyof
these databases, but rather establish standards to preventindividuals from being falsely associated with child enforcement claims.

[4] Cybercrime Treaty Before SenateThe Council of Europe's Convention on Cybercrime is still pending beforethe full U.S. Senate, which must ratify the treaty before
it takeseffect in the U.S. After the Senate Committee on Foreign Relationsrapidly approved the treaty in November, a "hold" was placed
on it, toprevent an immediate and unannounced vote on the plenary floor of theSenate. The Committee had organized a hearing in June
2004 to discussthe ratification of the treaty, but it was held without substantivedebate, and only included supporters representing
government agencies.

In public letters to the Committee on Foreign Relations, EPIC has twiceurged the Senate to oppose ratification of the Cybercrime Convention.EPIC cited the sweeping expansion of law enforcement authority, thethreat to core United States civil liberties interests, and the
lack ofadequate safeguards for privacy.

Most importantly, the Cybercrime Convention lacks a "dual-criminality"provision, under which an activity must be considered a crime in bothcountries before one state can demand cooperation from another.
Thetreaty would thus require U.S. law enforcement authorities to cooperatewith a foreign police force even when such an agency is
investigating anactivity that is perfectly legal in the U.S. The Convention letssignatory States the possibility to amend it by specifically
requiringdual criminality, but neither the administration nor the SenateCommittee considered doing so. Opponents of a dual criminality
provisionfear that such a provision might reduce cooperation from foreignauthorities to obtain electronic evidence about offenses
other countriesdo not criminalize, such as money laundering, racketeering, andconspiracy.

EPIC's letter states that the Cybercrime Convention is much more like alaw enforcement "wish list" than an international instrument
trulyrespectful of human rights. The Convention fails to respect fundamentaltenets of human rights espoused in previous international
conventions,such as the 1948 Universal Declaration of Human Rights and the 1950Convention for the Protection of Human Rights and
Fundamental Freedoms.The Convention creates more invasive structures for law enforcementactivity without providing corresponding oversight and accountability.While the Convention is very specific about new authorities to pursueinvestigations, it contains only vague generalities with regard
to legalrights.

[5] Proposed IRS Rules Limit Outsourcing, Expand Other DisclosuresOn December 8, the IRS issued a notice of proposed rulemaking, whichoutlined significant changes to the ways in which tax preparers
canshare taxpayer information. The most heralded portions of the proposedrules require a taxpayer's written consent before a preparer
can sendthe taxpayer's information to co-workers or employees outside of theUnited States. These additional protections were added
because of thedifficulty in prosecuting overseas preparers who abuse taxpayerinformation. Congressman Edward Markey (D-MA), an early
proponent onlimiting the outsourcing of tax preparation services, praised the newrules in a statement released at the same time.

However, the proposed changes also increase the ways in which income taxpreparers can share taxpayer information within the United
States. Forexample, preparers can now share information with contractors or otherpreparers without notifying the taxpayer. Also,
lawyers or accountantsthat prepare tax returns would be able to disclose the information tothird parties without notifying the taxpayer,
if the disclosures weremade in the normal course of business. Currently, a lawyer oraccountant must have the taxpayer's express
or implied consent beforegiving out tax return information.

The new rules also would allow preparers limited use of taxpayerinformation for marketing and solicitation purposes, so long as thetaxpayer
provides consent. Current regulations strictly limit the typesof solicitations that preparers can make.

The proposed rules also limit the criminal liability for improperdisclosures. While current regulations impose a criminal penalty
forany improper disclosure of taxpayer information the new rules wouldrequire that the disclosure be made “knowingly or recklessly”
for thereto be criminal charges.

The IRS is requesting comments on the proposed rules by March 8, 2006. In addition, the IRS will be holding a public hearing on April 4, 2006. Those who wish to present oral comments at the hearing must submitwritten or electronic comments by March 8, and must also provide
anoutline of the topics to be discussed by March 14. More information isavailable in the IRS's Notice.

[6] News in BriefHouse Immigration Bill Includes National ID PlansThe House Judiciary Committee has approved immigration reform bill,sponsored by REAL
ID Act architect Rep. James Sensenbrenner, which wouldrequire a study on creating a machine-readable Social Security card anda Homeland
Security database containing information on the employmenteligibility of all citizens and non-citizens. EPIC testified earlierthis
year against the far-reaching plans. EPIC said that themachine-readable card would become a de facto identification card if, asthe
bill suggests, employers were forced to use the machine-readable SSNcard for employment verification. The SSN was never intended
to be anational identifier, and should not be used as such, EPIC said.

EU Passes Data Retention MeasuresOn December 14, the European Parliament approved a proposal thatrequires service providers to store
customers' records for lawenforcement for two years. The data retention proposal, billed as acrime and terrorism measure, mandates
the storage of phone locationdata, time and duration of calls, details of Internet connections, andthe details--but not the content--of email and Internet telephony calls.The measures must still be formally approved by member states. Privacygroups such as European Digital Rights and EPIC have continually
opposedthe measures as treating all European citizens as criminals. Privacyadvocates also say that the measures do little to stem
actual crime andterror. Telecoms have also opposed the measures on the grounds that thetwo-year storage is very costly, and governments
have not committed topaying any part of the costs required by the measure.

FTC Levies Record-Setting Fine Against DirecTV The Federal Trade Commission announced this week that it secured thelargest money settlement ever in a Do-Not-Call telemarketing suit.DirecTV, a satellite television provider, agreed to pay a $5.3 millionfine for violations of the Telemarketing Sales Rule. DirectTV'stelemarketing
partners were calling individuals on the Do-Not-CallRegistry. The partners were also "abandoning" calls, that is, initiatinga telemarketing
call but then hanging up before the consumer couldanswer. DirecTV was alleged to have provided "substantial assistance orsupport"
to these companies that were violating telemarketing laws. Thesettlement agreement announced this week does not conclude ongoinglitigation
against an additional seven telemarketing companies thatpartnered with DirecTV.

30,000 Travelers Improperly Matched to Terrorist Watch ListsAt least 30,000 air passengers have been improperly matched to names onfederal
watch lists since last November, according to Jim Kennedy, headof the Transportation Security Administration redress office. Each
ofthe 30,000 individuals submitted personal information and identificationdocuments to the agency in hopes of resolving their misidentificationproblems,
and were issued letters to help them clear security morequickly. A few dozen more people were unable to benefit from thisredress
process. Kennedy provided the information at a meeting of theDepartment of Homeland Security's Data Privacy and Integrity AdvisoryCommittee
in Washington last week. In related news, a Swedish newspapercited European airline sources as saying that 80,000 names were on thewatch
list provided by the U.S. government to airlines for passengerscreening.

Court Hears Arguments in Air Travel Identification CaseThe Ninth Circuit Court of Appeals recently heard oral arguments inGilmore
v. Gonzales, a case challenging an unpublished federalrequirement that passengers show ID before boarding commercialairplanes. Plaintiff
John Gilmore was not allowed to board a domesticflight because he refused to produce ID at the airport. Authorities alsorefused to
show Gilmore the TSA regulation that apparently required himto show ID. Justice Department lawyers continue to insist that thegovernment
need not disclose the law, since the regulation is a "lawenforcement technique" involving "sensitive security information." EPICfiled
a "friend of the court" brief in the case last year, arguing thatmeaningful judicial review is necessary to prevent the government
fromimposing secret law upon the public in violation of constitutional dueprocess rights.

Senator Seeks Alito Documents Withheld by the Justice DepartmentSenator Patrick Leahy has urged the Department of Justice to releasedocuments
withheld under the Freedom of Information Act concerningSupreme Court nominee Samuel Alito. In a letter to the Attorney Generallast week, Senator Leahy asked that the Senate Judiciary
Committee beprovided with all information withheld under the law, pointing out thatFreedom of Information Act exemptions do not apply to the Senate in itsconsideration of presidential nominations. Senator Leahy stated that theDepartment of
Justice must produce the information quickly if the Senateis to review Judge Alito's nomination in a timely manner.

Wikipedia Entry Sparks Anonymity, Privacy DebateIn November, John Seigenthaler, Sr., founder of the First AmendmentCenter and the
founding editorial director of USA Today, found falseinformation on an entry about him in Wikipedia, an online encyclopediathat can
be edited by any visitor to its site. Seigenthaler complainedof being unable to find the source of the misinformation, which wasplaced
in the article anonymously. When the author later came forwardand apologized, Seigenthaler accepted the apology, but continued to
havereservations about Wikipedia's open and anonymous nature, including thethreat that online defamation of political figures might
spur governmentregulation of the Internet.

Seigenthaler did note, however, that he could have filed suit against a"John Doe" and obtained the author's information via a subpoena.
Whilesuch methods may deter online defamation, they may also chill legitimatecriticism. Online whistle-blowers can be identified
through the use ofbogus "John Doe" defamation suits. Once the whistle-blower isidentified, the suit can be dropped, and retaliation
takes place outsideof the legal system.

[7] EPIC Bookstore and Privacy Gift GuideWith the holiday season upon us, EPIC is happy to help you find theperfect gift for the privacy activists on your shopping list.
We'vemade a list of privacy gifts you can give to yourself and others thisyear. Note: some of these gift ideas are sold by online
retailiers notafiiliated with EPIC. We therefore cannot guarantee their business (orprivacy) practices. As always, take care when
shopping online to protectyour personal information! Enjoy, and happy holidays from EPIC!

Disappearing Civil Liberties MugA full copy of the Bill of Rights is printed on this mug. But just add alittle heat--by pouring in a hot beverage, or just a lot of hot air--andwatch your civil liberties disappear!

Your Free Credit ReportHere's a gift you can give yourself at any time of year, and it'sabsolutely free! Go to www.annualcreditreport.com
and you'll be able tosee what lenders, landlords, and others see when they requestinformation about you. You can use this valuable
tool to check for andcorrect inaccuracies that can affect your business interactions. Also,check for new accounts that have been
opened without your knowledge orconsent--these may be signs of identity theft. The Fair and AccurateCredit Transactions Act (FACTA) says you can get your free credit reportat
least once a year with no charge.

Bill of Rights, Security EditionCarry your own copy of the first ten Amendments to the U.S. Constitutionin your pocket. When passing
through one of the ubiquitous metaldetectors today, feel free to toss the Bill of Rights into the basketwith your keys and watch.
Each copy of your own galvanized rights costs$4; a pack of 3 is $9.99.

Books from the EPIC BookstoreOver the past year, EPIC has read and reviewed a number of excellent newbooks on privacy and civil liberties
in the computer age. Here, we'velisted some of our favorites. Of course, you can always pick from themany excellent EPIC publications
listed below, too.

"This 106-page reference book has just been updated, describing more than700 state and federal laws on privacy and surveillance. A
descriptionand a legal citation is provided for each law. The laws are grouped bycategory, then listed alphabetically by state.
The 2005 Supplement,published in December 2005, includes scores of new laws on identitytheft, medical records, 'credit freezes,'
'Security-breachnotifications,' spam, and use of Social Security numbers."

Dan Tynan, "Computer Privacy Annoyances: How to Avoid the Most AnnoyingInvasions of Your Personal and Online Privacy"

Dan Tynan's Computer Privacy Annoyances gets it right: the book providesexcellent advice on how to protect privacy without turning
the readerinto a paranoid. The book has one of the best "top ten" steps toprotect privacy to date. He covers privacy at home, work,
and on theInternets. He also covers privacy in public, an increasingly importanttopic in an age of ubiquitous cameras and nagging
offline requests forpersonal data at retail stores. A prescient section of the bookdiscusses the privacy risks associated with social
network software,systems that many even in the privacy community have adopted.

Katherine Albrecht, "Spychips: How major corporations and governmentplan to track your every move with RFID"

The privacy movement has been waiting for the book that transforms theworld as did Rachel Carson's "Silent Spring," Michael Harrington's
"TheOther America," and Ralph Nader's "Unsafe at Any Speed." It's not yetclear that Spychips will be that book, but the case can
be made thatSpychips is one of the best privacy books in many years.

There are few technologies transforming the world as rapidly as RFID…There is much here for Orwellian paranoia. But what makes Spychips sucha compelling book is that Albrecht and McIntyre stay focused
on what isactually happening today. They are also funny, clever, engaging, andinformative.

Journalist Robert O'Harrow's first book, No Place to Hide, is aWashington insider's exposé of how the fast-developing data collection,analysis,
and identification technologies first developed for themarketing industry are increasingly used for law enforcement purposessince
9/11.

Johnny Long's "Google Hacking for the Penetration Testers" is anexcellent resource on the Google Internet search engine. Anyone whouses
Google should read the first two chapters of this book, as itexplains the basic and more advanced search techniques available. Afterchapter
two, things get interesting. Long explains how to use Google toaccess information anonymously, and then dives into discovering sitevulnerabilities
and personal information on the Internet. It concludeswith common-sense approaches to securing your own servers against thesearch
techniques explained earlier in the book.

"With 10 million new victims a year, there is a vast need for people tohave legal help at a reasonable price. As a lawyer and former
victimherself, who has helped thousands of victims, Ms. Frank coaches andguides you through every step, to lead you out of the nightmare.
MariFrank had created the first self-help recovery tool for victims ofidentity theft back in 1998, and this new edition with CD includes
thenew federal laws and regulations in an easy to understand format."

Lawrence Lessig, "Free Culture: How Big Media Uses Technology and theLaw to Lock Down Culture and Control Creativity"

Lawrence Lessig could be called a cultural environmentalist. One ofAmerica's most original and influential public intellectuals, his
focusis the social dimension of creativity: how creative work builds on thepast and how society encourages or inhibits that building
with laws andtechnologies...In Free Culture, he widens his focus to consider thediminishment of the larger public domain of ideas.
In this powerfulwake-up call he shows how short-sighted interests blind to the long-termdamage they're inflicting are poisoning the
ecosystem that fostersinnovation."

"It is a historic occasion when a Supreme Court justice offers, off thebench, a new interpretation of the Constitution. Active Liberty, basedon the Tanner lectures on Human Values that Justice Stephen Breyerdelivered at Harvard University in November
2004, defines that term as asharing of the nation's sovereign authority with its citizens. Regardingthe Constitution as a guide for the application of basic Americanprinciples to a living and changing society rather than as an arsenal ofrigid legal
means for binding and restricting it, Justice Breyer arguesthat the genius of the Constitution rests not in any static meaning itmight have had in a world that is dead and gone, but in the adaptabilityof its great principles
to cope with current problems."

A Contribution to EPICOne final gift suggestion: If someone on your list is truly seriousabout protecting civil liberties, they'll
definitely appreciate acontribution made to EPIC in their name (so will we!). They'll be gladto know that your contribution will
help us continue our work towardsprotecting the ideals of privacy, free expression, and open government.And if they're a real supporter of privacy rights, they'll be glad toknow that we don't rent, loan, trade, release or otherwise makeavailable
the names of our individual contributors. You can donate bycredit card, check, or even via Paypal.

This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in
over60 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating
to privacy. Privacy & Human Rights 2004 is the most comprehensive report on privacyand data protection ever published.

This is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the Sunshine Act,and the Federal Advisory Committee Act. The 22nd edition fully updatesthe manual
that lawyers, journalists and researchers have relied on formore than 25 years. For those who litigate open government cases (orneed
to learn how to litigate them), this is an essential referencemanual.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS).
Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals
forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved
in theWSIS process.

The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for
students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It
includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy
Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism
Prevention Act, and theCAN-SPAM Act.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumers andthe
basic responsibilities for businesses in the online economy.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although several governmentsare gaining new powers to combat the perceived threats of encryption
tolaw enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

Beyond the Basics: Advanced Legal Topics in Open Source andCollaborative Development in the Global Marketplace. University ofWashington
School of Law. March 21, 2006. Seattle, Washington. For moreinformation:http://www.law.washington.edu/lct/Events/FOSS/

First International Conference on Availability, Reliability andSecurity. Vienna University of Technology. April 20-22, 2006. Vienna,Austria.
For more inofrmation:http://www.ifs.tuwien.ac.at/ares2006/

CHI 2006 Workshop on Privacy-Enhanced Personalization. UC IrvineInstitute for Software Research and the National Science Foundation.April 22-23. Montreal, Quebec, Canada. For more information:http://www.isr.uci.edu/pep06/

The First International Conference on Legal, Security and Privacy Issuesin IT (LSPI). CompLex. April 30-May 2, 2006. Hamburg, Germany.
For moreinformation:http://www.kierkegaard.co.uk/

International Conference on Privacy, Security, and Trust (PST 2006).University of Ontario Institute of Technology. October 20-November 1,2006. Oshawa, Ontario, Canada. For more information:http://www.businessandit.uoit.ca/pst2006/

Privacy PolicyThe EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute
online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryption andexpanding wiretapping powers.